d4af89b3f9b1bf6f61a139e3eefe439b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4af89b3f9b1bf6f61a139e3eefe439b_JaffaCakes118
Size

540KB
MD5

d4af89b3f9b1bf6f61a139e3eefe439b
SHA1

ec376055ce6aa78529a76788e6dddb3f338bc277
SHA256

ed5903da8091c6e98b3c357dacae7f8141e99ac593fb9d0cdadd77f82b7ab5ea
SHA512

2047912996931fbd6227752c31b963253f389d55e1d66c078cd498b64d134098350c17adea09e98bc996183f8585a0a97320a2acef2228418853683c0b1fd0a5
SSDEEP

12288:RFb7jkD3v0VBRxE5MBGlcM7UdT0Z7UZWG1j3FLiUh3:RFb3w3v8BRqEM7UdIU1j35im

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4af89b3f9b1bf6f61a139e3eefe439b_JaffaCakes118

Files

d4af89b3f9b1bf6f61a139e3eefe439b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e69365015d755f57a834419659a4adfb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WinExec
CloseHandle
WriteFile
CreateFileA
GetWindowsDirectoryA
LockResource
SizeofResource
Sleep
FindResourceA
SetThreadPriority
GetCurrentThread
GetCurrentProcess
SetPriorityClass
GetShortPathNameA
GetModuleFileNameA
LoadResource
GetEnvironmentVariableA

advapi32

RegOpenKeyA

shell32

ShellExecuteExA
ShellExecuteA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE